What is claimed is: 

1. An integrated circuit card for use with a 
terminal , comprising : 

a communicator configured to communicate with 
5 the terminal; 

a memory storing: 

an application having a high level 
programming language format, and 

an interpreter; and 
10 a processor coupled to the memory, the 

processor configured to use the interpreter to interpret the 
application for execution and to use the communicator to 
communicate with the terminal. 

2. The integrated circuit card of claim 1, wherein 
15 the high level programming language format comprises a class 

file format. 

3 . The integrated circuit card of claim 1 wherein 
the processor comprises a microcontroller. 

4 . The integrated circuit card of claim 1 wherein 
20 at least a portion of the memory is located in the 

processor. 

5. The integrated circuit card of claim 1 wherein 
the high level programming language format comprises a Java 
programming language format. 
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6. The integrated circuit card of claim 1, wherein 
the application has been processed from a 

second application having a string of characters, and 

the string of characters is represented in the 
5 first application by an identifier. 

7. The integrated circuit card of claim 6, wherein 
the identifier comprises an integer. 

8. The integrated circuit card of claim 1 wherein 
the processor is further configured to: 

10 receive a request from a requester to access an 

element of the card; 

after receipt of the request, interact with the 
requester to authenticate an identity of the requester; and 
based on the identity, selectively grant access 
15 to the element . 

9. The integrated circuit card of claim 8, wherein 
the requester comprises the processor. 

10. The integrated circuit card of claim 8, wherein 
the requester comprises the terminal . 

20 11. The integrated circuit card of claim 8, wherein 

the element comprises the application stored in 

the memory, and 

once access is allowed, the requester is 

configured to use the application. 

25 12. The integrated circuit card of claim 8, wherein 

the element comprises another application 
stored in the memory. 
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13* The integrated circuit card of claim 8, wherein 
the element includes data stored in the memory. 

14 . The integrated circuit card of claim 8 wherein 
the element comprises the communicator. 

15. The integrated circuit card of claim 8, wherein 
the memory also stores an access control list for the 
element, the access control list furnishing an indication of 
types of access to be granted to the identity, the processor 
further configured to: 

based on the access control list, selectively 
grant specific types of access to the requester. 

16. The integrated circuit card of claim 15 wherein 
the types of access include reading data. 

17. The integrated circuit card of claim 15 wherein 
the types of access include writing data. 

18. The integrated circuit card of claim 15 wherein 
the types of access include appending data. 



19. The integrated circuit card of claim 15 wherein 
the types of access include creating data. 

20. The integrated circuit card of claim 15 wherein 
the types of access include deleting data. 



21. The integrated circuit card of claim 15 wherein 
the types of access include executing an application. 
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22. The integrated circuit card of claim 1, wherein 
the application is one of a plurality of applications stored 
in the memory , the processor is further configured to: 

receive a request from a requester to access 
one of the plurality of applications; 

after receipt of the request, determine whether 
said one of the plurality of applications complies with a 
predetermined set of rules; and 

based on the determination, selectively grant 
access to the requester to said one of the plurality of 
applications . 

23. The integrated circuit card of claim 22, 
wherein the predetermined rules provide a guide for 
determining whether said one of the plurality of 
applications accesses a predetermined region of the memory. 

24. The integrated circuit card of claim 22, 
wherein the processor is further configured to: 

authenticate an identity of the requester; and 
grant access to said one of the plurality of 
applications based on the identity. 

25. The integrated circuit card of claim 1, wherein 
the processor is further configured to: 

interact with the terminal via the communicator 
to authenticate an identity; and 

determine if the identity has been 
authenticated; and 

based on the determination, selectively allow 
communication between the terminal and the integrated 
circuit card. 
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26. The integrated circuit card of claim 25, 
wherein the communicator and the terminal communicate via 
communication channels, the processor further configured to 
assign one of the communication channels to the identity 
when the processor allows the communication between the 
terminal and the integrated circuit card. 

27. The integrated circuit card of claim 26, 
wherein the processor is further configured to: 

assign a session key to said one of the 
communication channels, and 

use the session key when the processor and the 
terminal communicate via said one of the communication 
channels. 

28. The integrated circuit card of claim 1, wherein 
the terminal has a card reader and the communicator 
comprises a contact for communicating with the card reader. 

29. The integrated circuit card of claim 1, wherein 
the terminal has a wireless communication device and the 
communictor a wireless transceiver for communicating with 
the wireless communication device. 

30. The integrated circuit card of claim 1, wherein 
the terminal has a wireless communication device and the 
communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 
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31. A method for use with an integrated circuit 
card and a terminal, comprising: 

storing an interpreter and an application 
having a high level programming language format in a memory 
of the integrated circuit card; and 

using a processor of the integrated circuit 
card to use the interpreter to interpret the application for 
execution; and 

using a communicator of the card when 
communicating between the processor and the terminal. 

32. The method of claim 31, wherein the high level 
programming language format comprises a class file format. 

33. The method of claim 31, wherein the processor 
comprises a microcontroller. 

34. The method of claim 31, wherein at least a 
portion of the memory is located in the processor. 

35. The method of claim 31, wherein the high level 
programming language format comprises a Java programming 
language format. 

36. The method of claim 1, wherein 

the application has been processed from a 
second application having a string of characters, further 
comprising: 

representing the string of characters in the 
first application by an identifier. 

37. The method of claim 36, wherein the identifier 
includes an integer. 
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38. The method of claim 31, further comprising: 
receiving a request from a requester to access 

an element of the card; 

after receipt of the request, interacting with 
the requester to authenticate an identity of the requester; 
and 

based on the identity, selectively granting 
access to the element. 

39. The method of claim 3 8 , wherein the requester 
comprises the processor. 

40. The method of claim 38, wherein the requester 
comprises the terminal. 

41. The method of claim 38, wherein the element 
comprises the application stored in the memory, further 
comprising: 

once access is allowed, using the application 
with the requester. 

42. The method of claim 38, wherein the element 
comprises another application stored in the memory. 

43. The method of claim 38, wherein the element 
includes data stored in the memory. 

44. The method of claim 38, wherein the element 
comprises the communicator. 



45. The method of claim 38, wherein the memory also 
stores an access control list for the element, the access 
control list furnishing an indication of types of access to 
be granted to the identity, further comprising: 

based on the access control list, using the 
processor to selectively grant specific types of access to 
the requester. 

46. The method of claim 45, wherein the types of 
access include reading data. 

47. The method of claim 45, wherein the types of 
access include writing data. 

48. The method of claim 45, wherein the types of 
access include appending data, 

49. The method of claim 45, wherein the types of 
access include creating data. 

50. The method of claim 45, wherein the types of 
access include deleting data. 

51. The method of claim 45, wherein the types of 
access including executing an application. 



52. The method of claim 31, wherein the application 
is one of a plurality of applications stored in the memory, 
further comprising: 

receiving a request from a requester to access one 
of the applications stored in the memory; 

upon receipt of the request, determining whether 
said one of the plurality of applications complies with a 
predetermined set of rules; and 

based on the determining, selectively granting 
access to the said one of the plurality of applications. 

53. The method of claim 52, wherein the 
predetermined rules provide a guide for determining whether 
said one of the plurality of applications accesses a 
predetermined region of the memory. 

54. The method of claim 52, further comprising: 
authenticating an indent ity of the requester; and 
based on the indentity, granting access' to said one 

of the plurality of applications. 

55. The method of claim 31, further comprising: 
communicating with the terminal to authenticate 

an identity; 

determining if the identity has been 
authenticated; and 

based on the determining, selectively allowing 
communication between the terminal and the integrated 
circuit card. 
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56. The method of claim 55, further comprising: 
communicating between the terminal and the 

processor via communication channels; and 

assigning one of the communication channels to 
the identity when the allowing allows communication between 
the card reader and the integrated circuit card. 

57. The method of claim 56, further comprising: 
assigning a session key to said one of the 

communication channels; and 

using the session key when the processor and 
the terminal communicate via said one of the communication 
channels . 
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58, A smart card comprising: 

a memory storing a Java interpreter; and 
a processor configured to use the interpreter 
to interpret a Java application for execution. 



59. A microcontroller comprising: 
a semiconductor substrate; 

a memory located in the substrate; 

a programming language interpreter stored in 
the memory and configured to implement security checks; and 

a central processing unit located in the 
substrate and coupled to the memory. 

60. The microcontroller of claim 59, wherein the 
interpreter comprises a Java byte code interpreter. 

61. The microcontroller of claim 59 , wherein the 
security checks comprise establishing firewalls. 

62. The microcontroller of claim 59 , wherein the 
security checks comprise enforcing a sandbox security model. 

63. A smart card comprising: 
a memory; 

a programming language interpreter stored in 
the memory and configured to implement security checks; and 
a central processing unit coupled to the 

memory . 

64. The smart card of claim 63, wherein the 
interpreter comprises a Java byte code interpreter. 
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65. The smart card of claim 63, wherein the 
security checks comprise establishing firewalls. 

66. The smart card of claim 63, wherein the 
security checks comprise enforcing a sandbox security model. 

67. An integrated circuit card for use with a 
terminal , comprising : 

a communicator; 

a memory storing an interpreter and first 
instructions of a first application, the first instructions 
having been converted from second instructions of a second 
application; and 

a processor coupled to the memory and 
configured to use the interpreter to execute the first 
instructions and to communicate with the terminal via the 
communicator. 

68. The integrated circuit card of claim 67, 
wherein the first application has a class file format. 

69. The integrated circuit card of claim 67, 
wherein the second application has a class file format. 

70. The integrated circuit card of claim 67, 
wherein the first instructions comprise byte codes. 

71. The integrated circuit card of claim 67, 
wherein the second instructions comprise byte codes. 

72. The integrated circuit card of claim 67, 
wherein the first instructions comprise Java byte codes. 
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73. The integrated circuit card of claim 67, 
wherein the second instructions comprise Java byte codes. 



74. The integrated circuit card of claim 67, 
wherein the first instructions comprise generalized versions 
of the second instructions. 



75. The integrated circuit card of claim 67, 
wherein the first instructions comprise renumbered versions 
of the second instructions. 



76. The integrated circuit card of claim SI, 

wherein 

the second instructions include constant references, 

and 

the first instructions include constants that 
replace the constant references of the second instructions. 

77. The integrated circuit card of claim 67, 

wherein 

the second instructions include references, the 
references shifting location during the conversion of the 
second instructions to the first instructions, and 

the first instructions are relinked to the 
references after the shifting. 

78. The integrated circuit card of claim 67, 

wherein 

the first instructions comprise byte codes for a 
first type of virtual machine, and 

the second instructions comprise byte codes for a 
second type of virtual machine, the first type being 
different from the second type. 
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79. A method for use with an integrated circuit 
card, comprising: 

converting second instructions of a second 
application to first instructions of a first application; 

storing the first instructions in a memory of 
the integrated circuit card; and 

using an interpreter of the integrated circuit 
card to execute the first instructions. 

80. The method of claim 79, wherein the first 
application has a class file format. 

81. The method of claim 79, wherein the second 
application has a class file format. 

82. The method of claim 79, wherein the first 
instructions comprise byte codes. 

83. The method of claim 79, wherein the second 
instructions comprise byte codes. 

84. The method of claim 79, wherein the first 
instructions comprise Java byte codes. 

85. The method of claim 79, wherein the second 
instructions comprise Java byte codes. 

86. The method of claim 79, wherein the first 
instructions are generalized versions of the second 
instructions . 
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87. The method of claim 79, wherein the converting 
includes renumbering the second instructions to form first 
instructions . 

88. The method of claim 79, wherein the second 
instructions include constant references, and 

the converting includes replacing the constant 
references of the second instructions with constants. 



89. The method of claim 79, wherein the second 
instructions include references and the converting includes 
shifting location of the references, further comprising: 

relinking the first instructions to the references 
after the converting. 

90. The method of claim 79, wherein 

the first instructions comprise byte codes for a 
first type of virtual machine, and 

the second instructions comprise byte codes for a 
second type of virtual machine, the first type being 
different from the second type. 
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91- An integrated circuit for use with a terminal, 
comprising: 

a communicator configured to communicate with the 
terminal; 

a memory storing a first application that has been 
processed from a second application having a string of 
characters, the string of characters being represented in 
the first application by an identifier; and 

a processor coupled to the memory, the 
processor configured to use the interpreter to interpret the 
first application for execution and to use the communicator 
to communicate with the terminal. 

92. The integrated circuit card of claim 91, 
wherein the identifier comprises an integer. 

93 . A method for use with an integrated circuit 
card and a terminal comprising: 

processing a second application to create a first 
application, the second application having a string of 
characters; 

representing the string of characters of the first 
application by an identifier in the second application; 

storing an interpreter and the first application in 
a memory of the integrated circuit card; and 

using a processor of the integrated circuit card to 
use an interpreter to interpret the first application for 
execution. 

94. The method of claim 93, wherein the indentifier 
includes an integer. 
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95. A microcontroller comprising: 
a memory storing: 

an application having a class file format, 

and 

an interpreter; and 
a processor coupled to the memory, the 
processor configured to use the interpreter to interpret the 
application for execution, 

96. The microcontroller of claim 95, further 
comprising: 

a communicator configured to communicate with a 
terminal . 

97. The microcontroller of claim 96, wherein the 
terminal has a card reader and the communicator comprises a 
contact for communicating with the card reader. 

98. The microcontroller of claim 96, wherein the 
terminal has a wireless communication device and the 
communictor a wireless transceiver for communicating with 
the wireless communication device. 

99. The microcontroller of claim 96, wherein the 
terminal has a wireless communication device and the 
communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 

100. The microcontroller of claim 95, wherein the 
class file format comprises a Java class file format. 
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101. A method for use with an integrated circuit 
card, comprising: 

storing a first application in a memory of the 
integrated circuit card; 

storing a second application in the memory of the 
integrated circuit card; and 

creating a firewall that isolates the first and 
second applications so that the second application cannot 
access either the first application or data associated with 
the first application, 

102. The method of claim 101, wherein the first and 
second applications comprise Java byte codes. 

103. The method of claim 100, wherein the creating 
includes using a Java interpreter. 

104. The method of claim 101, wherein 

the storing of the first application is performed in 
association with manufacture of the integrated circuit card; 
and 

the storing of the second application is performed 
at a later time after the manufacture is completed. 



- 57 - 



105. An integrated circuit card for use with a 
terminal , comprising : 

a communicator configured to communicate with 
the terminal; 

a memory storing: 

applications, each application having a 
high level programming language format, and 

an interpreter; and 
a processor coupled to the memory, the 
processor configured to: 

a. ) use the interpreter to interpret the 
applications for execution, 

b. ) use the interpreter to create a 
firewall to isolate the applications from each other, and 

c. ) use the communicator to communicate 

with the terminal. 



- 58 - 



